Peerpartners

**Name of the Vulnerable Software and Affected Versions** display-widgets plugin versions prior to 2.04 **Description** The issue allows for XSS via the "wp-admin/admin-ajax.php?action=dw show widget" API endpoint, specifically through the `id base`, `widget number`, or `instance` parameters. **Recommendations** For versions prior to 2.04, update to version 2.04 or later to resolve the issue.